Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsent
Free plan · 10-min setup
Drift is a US-based conversational marketing and sales platform (acquired by Salesloft) that uses AI-powered chatbots, live chat, and account-based targeting to engage website visitors in real time. Drift tracks visitor identity, company data, and behaviour to personalise conversations. On EU-facing websites, Drift cookies and visitor profiling require consent. All data is processed on US infrastructure requiring SCCs. Drift is one of the more GDPR-complex chat and marketing platforms due to its deep visitor identification and account-based targeting capabilities.
Drift is a conversational marketing and sales platform that uses AI-powered chatbots, live chat, video messaging, and account-based targeting to engage website visitors at the right moment. Originally known as a leader in conversational marketing, Drift was acquired by Salesloft in 2023 and is now positioned as part of a broader revenue orchestration platform. Drift''s key differentiator is its ability to identify anonymous website visitors by company, personalise chatbot conversations, and route high-value accounts directly to sales.
Drift collects visitor IP addresses (used for company identification via reverse IP lookup), browser cookies containing visitor IDs and session data, chat conversation transcripts, contact details provided during chat (name, email, phone), page visit history, and CRM-enriched account data. When account-based targeting is enabled, Drift enriches visitor profiles with firmographic data from third-party sources. This creates detailed visitor profiles before the visitor has identified themselves.
Drift cookies for visitor identification and session tracking require consent under the ePrivacy Directive before the widget loads. The Drift JavaScript tag must not fire until consent is given. Drift provides a consent mode that delays cookie setting until consent is obtained. Integrate Drift with your CMP consent callback to ensure the widget loads only after analytics and advertising consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All Drift data is processed on Salesloft/Drift US infrastructure. Sign the Drift DPA which includes SCCs for EU-US data transfers. Disclose the US transfer in your privacy policy. For CRM integrations, ensure the CRM system also has appropriate transfer mechanisms in place for the same personal data.
Sign DPA and SCCs. Load Drift only after consent via CMP integration. Disable or limit account-based targeting features if you cannot obtain valid consent. Add Drift to your cookie policy and privacy policy disclosing visitor identification, US transfer, and chat data processing. Implement a DPIA if using account-based targeting with visitor enrichment. Configure Drift to honour opt-out requests and delete contact data when erasure requests are received.
Websites using Drift must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for Drift deployments with account-based targeting and visitor identification enabled. The combination of IP-to-company matching, cross-session visitor tracking, and US data transfers constitutes high-risk processing requiring documented assessment.
Sample consent text
We use Drift to provide live chat and personalise your experience on this website. Drift uses cookies to identify you and personalise conversations based on your company and behaviour. Data is processed in the US. You can decline these cookies below.
Third-party domains contacted
drift.comjs.driftt.comapi.drift.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| driftt_aid | persistent | 2 years | Drift anonymous visitor ID for cross-session visitor identification and account-based targeting |
| driftt_sid | session | Session | Drift session identifier for managing the active chat session |
Drift uses cookies for user preferences — inform visitors with a consent banner.
Yes. Drift cookies for visitor identification, session tracking, and account-based targeting require opt-in consent under the ePrivacy Directive. The Drift script must be blocked by your CMP until analytics and advertising consent is given.
Drift sets a visitor ID cookie (driftt_aid, persistent), a session cookie (driftt_sid), and account targeting cookies. These persist across sessions to identify returning visitors and personalise chatbot experiences.
Yes. Drift (Salesloft) processes all data on US infrastructure. Standard Contractual Clauses are required. Sign the Drift DPA from the Drift privacy portal before deploying on EU-facing websites.
Consent for cookies and tracking. Legitimate interest may apply for chat conversations clearly initiated by the user for support purposes. Account-based targeting and visitor profiling require consent regardless of conversation initiation.
Recommended. If using Drift's account-based targeting, visitor identification, and IP-to-company matching, the combination of these features with US data transfers constitutes high-risk processing warranting a DPIA.
Use Drift's consent mode API or your CMP's tag blocking feature to prevent the Drift script from loading until the user accepts analytics/advertising cookies. Most major CMPs (Cookiebot, OneTrust, Axeptio) support conditional Drift loading.
Use the Drift admin console to search for contacts by email and delete their data. For GDPR erasure requests, Drift provides a contact deletion API. Document all deletions and respond to the data subject within 30 days.
EU-hosted alternatives include Crisp (France), Userlike (Germany), and Landbot (Spain). These provide live chat and chatbot capabilities with EU data residency, avoiding US transfer complexity. Intercom offers EU data residency on enterprise plans.